LDAP?

jwojda
Valued Contributor II

How does one troubleshoot an LDAP connection? We've had casper set to
check against a specific LDAP server since we first set up casper. The
powers that be decided to sunset that server so we had to go back and
re-configure Casper to use our AD domain's LDAP. We were able to
resetup all the required accounts, but seemingly at random times people
can't login to anything casper related (Admin, Remote, or the JSS).
However, if they "wait" for 2 or 3 minutes and try again, everything is
fine. The casper server is up, because local accounts work just fine
and I can remote into the server and see that everything is running...

I can't find anything in the system.log or anything to see what the
problem is. Am I looking in the wrong location? How can I find out
why or where the problem is?

John Wojda

Lead System Engineer, DEI & Mobility

3333 Beverly Rd. B2-338B

Hoffman Estates, IL 60179

Phone: (847)286-7855

Page: (224)532.3447

Team Lead DEI: Matt Beiriger

Team Lead Mobility: Chris Sta Ana

Mac Tip/Tricks/Self Service & Support
<http://bit.ly/gMa7TB>


RobertHammen
Valued Contributor II

I remember when we had issues trying to integrate our JSS with AD, when the JAMF folks remotely assisted us, they used Apache Directory Studio to troubleshoot. Looks like a great tool - I've used it once or twice at other sites.
On May 4, 2011, at 8:32 AM, Wojda, John wrote:

http://directory.apache.org/studio

Give it a shot. If nothing else you'll already have it somewhere when/if you need JAMF's help.

--Robert

Not applicable

I would make sure and check that your network ports, subnets, VLANs and DNS are working correctly. I had an issue with initially setting up our Casper setup because the server connection via port 8443 (https) could not be made for traffic to and from the Domain controller.

I hope this helps.
--
Antoine K. Kinch
Sr Desktop Engineer

USPS Office of Inspector General
1735 N. Lynn Street
Arlington, VA 22209
Direct: 703.248.2159
Mobile: 571.337.2602


jwojda
Valued Contributor II

Yesterday we wiped and reloaded our main JSS. Everything is back up
except for our LDAP connection. Prior to wiping the system our ldap was
functional. The JSS did repopulate the ldap settings but returns that
every id we look up is not found.

Where can I find the logs from what I assume would be the JSS reporting
why logins are failing?


"Any time you choose to be inflexible in your approach to an
unpredictable project you are already building failure into your plan"

jarednichols
Honored Contributor

You may have better luck looking on the LDAP side of things to see where it's hanging up. Depending on the directory you're looking at, you may need to make sure you've got both your server's certificate and your organization's root ca installed in Tomcat.

j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

jwojda
Valued Contributor II

Weird, we've never done anything like that in the past, and it's the
same OS / JSS version as we had prior. We just plugged in our LDAP to
the LDAP setup on JSS and it worked.


jarednichols
Honored Contributor

What LDAP system are you pointed to?

pbenton
New Contributor II

Had an issue today with LDAP not working. We were told years ago to put two LDAP servers in our config for HA reasons. But turns out now that even if one of them fails (VPN to off site AD in this case) no one can log in. Seems to block the use of the second AD server too.

Might want to check if you still have the old AD server listed that was to be "sunset".
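
Added example (not from any poster in this thread, and not Jamf code): a Python probe that applies the checks suggested above to every LDAP server in the configuration, resolving each name to all of its addresses, timing a TCP connect to each, and optionally doing a verified TLS handshake against your root CA. The hostnames in the `__main__` section are placeholders, and `cafile` is assumed to be a PEM file containing your organization's root CA.

```python
import socket
import ssl
import time

def resolve(host, port):
    """Every distinct address the name resolves to (one name may map to several servers)."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def probe(addr, port, timeout=3.0, tls_name=None, cafile=None):
    """TCP-connect to one address; if tls_name is set, also do a verified TLS handshake."""
    start = time.monotonic()
    try:
        with socket.create_connection((addr, port), timeout=timeout) as sock:
            if tls_name:
                ctx = ssl.create_default_context(cafile=cafile)
                with ctx.wrap_socket(sock, server_hostname=tls_name):
                    pass  # handshake succeeded: certificate chain and name verified
        status = "ok"
    except ssl.SSLError as exc:  # subclass of OSError, so it must be caught first
        status = f"tls-failed: {exc.__class__.__name__}"
    except OSError as exc:  # refused, timed out, no route
        status = f"unreachable: {exc.__class__.__name__}"
    return {"addr": addr, "port": port, "status": status,
            "seconds": round(time.monotonic() - start, 3)}

def check_servers(servers, timeout=3.0, cafile=None):
    """servers: list of (host, port, use_tls). Probes every address behind every host."""
    results = []
    for host, port, use_tls in servers:
        try:
            addrs = resolve(host, port)
        except socket.gaierror:
            results.append({"host": host, "addr": None, "port": port,
                            "status": "dns-failed", "seconds": 0.0})
            continue
        for addr in addrs:
            r = probe(addr, port, timeout, host if use_tls else None, cafile)
            r["host"] = host
            results.append(r)
    return results

def failing(results):
    return [r for r in results if r["status"] != "ok"]

if __name__ == "__main__":
    # Placeholder hostnames: list every server in the LDAP config, including old ones.
    SERVERS = [("dc1.example.internal", 636, True), ("dc2.example.internal", 389, False)]
    for r in check_servers(SERVERS):
        print(r)
```

Run it from the JSS host itself, and repeat it during one of the failure windows: a single address that shows `unreachable` or a connect time near the timeout points at the server or network path to investigate.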